No centralized cryptocurrency company is safe from hacks or thefts, regardless of its size. Even Crypto.com suffered from a hack resulting in the theft of 4,600 Ether. Some of that funds are now being laundered through the Tornado Cash Ethereum mixer, triggering more market unease.
Crypto.com Loses 4,600 ETH
Things are not looking too great for the Crypto.com platform. Several users confirm funds have been stolen from their wallets in recent days. While the company claims this affects a “small number of users”, it has forced Crypto.com to pause all withdrawals on the platforms. Even more problematic is how several of the affected users have two-factor authentication, yet that wasn’t sufficient to protect their accounts.
When incidents like these occur, many uneasy questions need to be answered. In theory, it is impossible to bypass 2FA unless it is either an inside job or the user suffers from a SIM Swap attack. Unfortunately, it does not appear the latter option has been the case for any of the affected users. However, that doesn’t mean this is an inside job either, as all funds have been taken from the hot wallet rather than cold storage.
A total of 4,600 Ether has been stolen so far, and it appears the money is making its way through the Tornado Cash Ethereum mixer. For those unaware, Tornado Cash helps users improve privacy by obscuring on-chain links between the source and recipient of funds moved through this protocol. The service has been around for nearly two years and has proven popular among privacy-oriented enthusiasts.
So far, it would appear the hacker – or hackers – have transferred the Crypto.com balance in sets of 100 Ether. Both the incoming and outgoing transactions of funds have been executed quickly. There is barely any balance left to launder right now, making it problematic where the money will end up. Dumping the funds across exchanges remains a plausible outcome, although every trading platform will be on high alert for any suspicious deposits.